Abstract of CA2366562

The invention concerns a system and method for the secure creation, approval and distribution of
electronic documents in an open and distributed network environment. Personal information of a user for
whom a profile is being created; identity verification data; and relevant data regarding the user are
obtained in order to create a virtual identification profile (VIP). The information is updated and edited and
a variable authentication code (VAC) related to this information is calculated. The VIP is then encrypted,
and a central location is updated with the information. The VIP can be used in a system which includes a
central location for storing and updating a plurality of VIPs, and at least one application for creating a
document, the application being in communication with the central location. The application verifies if the
VIP contains pertinent data for the user, inserts the pertinent data into the document at the time
of creation, and approves the document once created.

SECURE ELECTRONIC DOCUMENT CREATION, APPROVAL AND DISTRIBUTION
METHOD IN AN OPEN AND DISTRIBUTED NETWORK ENVIRONMENT

Field of the invention

The present invention relates to a method for the secure creation, approval and distribution of electronic
documents in an open and distributed network environment.

Background of the Invention 

Figure 1 shows the typical hybrid document environment prevalent in most organizations and
corporations. Basically, documents originate in one of two ways: they start their existence as a paper
document or as an electronic document. In the majority of cases, documents are approved using
handwritten signatures and/or seals. These approvals are usually executed on paper documents. Once
the paper document has been approved, it is usually stored in a file cabinet or scanned into an electronic
file for storage. The paper documents are distributed via fax, courier or mail service. In general, original
documents are the documents that are signed or sealed, and tend to be stored by the organization for legal
reasons. Therefore, documents that are approved on paper or originated on paper are extremely hard to
eliminate once they have been created and approved.

Most corporations and organizations in North America and Europe have now adopted computers and
networks. The advent of the Internet is further accelerating the adoption of computers into homes and
businesses. However, the majority of the information is still created, approved, stored and distributed on
paper documents. Paper is extremely expensive and difficult to store, handle and distribute. However,
paper does have universal acceptance throughout the world and there are established infrastructures and
procedures in place to facilitate the storing, distribution and handling of paper documents.

Organizations and corporations have customized letterheads to show the proper source of a document. Only
people who work for these organizations will typically have access to these special letterheads.
Additionally, if the contents of the document are important, the document will have to be signed or
approved by someone. Also, in order for the document to be valid it may need to be signed by someone at
a certain level. In other cases, there have to be multiple signatures for the document to be valid. The
document might also require multiple signatures and notarization for independent verification of the
document. For some documents to be valid, a company seal has to be applied to the document. The idea
behind the seal is that even if someone has access to the letterheads of the company, the seal is
usually only available to a trusted authority and to reproduce the seal is more difficult than it is to reproduce
the letterhead. This is another security measure to try and prevent the possibility of fraud in the
organization.

Certain documents, such as bank notes, are unique and serialized, and may also have designs which
make them difficult to copy or reproduce.

There is, however, to Applicant's knowledge, no product that provides the equivalent electronic solution to
letterhead and signatures. Specifically, particularly when it comes to email, serious limitations exist with
respect to its use.

Basically, an organisation or person can represent itself in email in one of two basic ways: by a text string
or via an embedded or linked graphic that represents a corporate logo.

The problem with both of these approaches is that either they are very impersonal (the text string is
generic and can be made to look like any other text string), or the graphic logos have no security attached
to them, so that anyone can apply a logo to an email and pass it off as that of the owner of the logo.

A number of solutions have been proposed to approve electronic documents, but they are applicable in a 
closed system. 

However, there has not, to Applicant's knowledge, been developed a solution for securely creating,
distributing and approving documents in an open and distributed network environment.

Summary of the Invention:

It is an object of the invention to provide a method for the secure creation, approval and distribution of
electronic documents in an open and distributed network environment. In accordance with the invention,
this object is achieved with a method for creating a virtual identification profile (VIP), comprising the steps
of:

(a) obtaining personal information of a user for whom the profile is being created;

(b) obtaining identity verification data;

(c) obtaining relevant data;

(d) updating and editing the information gathered at steps (a) to (c) and
calculating a variable authentication code related to this information;

(e) encrypting the VIP; and

(f) updating a central location with the information contained in the VIP.

The invention also concerns a method for creating a secure document comprising the steps of:

(a) obtaining a virtual identification profile for the user creating the
secure document;

(b) determining if the virtual identification profile includes pertinent
information;

(c) if so, inserting pertinent information from the virtual identification
profile into the document and making the document ready for use;

(d) if not, creating a low level document and making the document ready
for use.

Additionally, the invention provides for a method for securely printing a secure document including security
information, comprising the steps of:

(a) providing the document within an application;

(b) accessing security information present in the document or associated
therewith;

(c) determining if secure print is enabled;

(i) if not, verifying and inserting security information and printing the
document; or

(ii) if so, determining if a central database is available;

(1) if not, aborting the print and informing the user;

(2) if so, verifying if the print counter is less than a
predetermined counter;

if not, aborting the print and informing the user; and

if so, incrementing the print counter, verifying and inserting
security information and printing the document.

A system for creating, approving and distributing secure documents is also contemplated within the
present invention, comprising:

a central location for storing and updating a plurality of virtual identification
profiles (VIP), each of said virtual identification profiles being linked to a
single user, said virtual identification profile including personal information,
identity verification data and relevant data, and a variable authentication
code associated with a respective VIP; and

at least one application for creating a document, said at least one
application being in communication with said central location, said
application verifying if said VIP contains pertinent data for the user and for
inserting the pertinent data into the document at the time of creation and for
approving the document once created.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention and its advantages will be more easily understood after reading the following
non-restrictive description of preferred embodiments thereof, made with reference to the following drawings in
which:

Figure 1 [prior art] is a schematic representation of the typical current hybrid document environment;

Figure 2 is a flowchart of the steps for creating a VIP according to the invention;

Figure 3 is a flowchart of the steps for creating and verifying a document according to the invention;

Figure 4 is a schematic representation of an EDA according to the invention;

Figure 5 is a schematic representation of secure printing of a document according to the invention; and

Figure 6 is a schematic representation of the system according to a preferred embodiment of the
invention.

DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION

The main focus of the invention is to permit an organization to function in an open environment, i.e. a
hybrid document environment as shown in Fig. 1. The key to making this a reality is to use
the document/data and/or the delivery system to deliver the secure or secret/controlled information. Another
important aspect of this invention is to allow users to work in the same environment as described in
Figure 1 with minimal modifications to existing procedures and systems.

Consequently, one important aspect of the invention is the provision of a mechanism to validate the
contents of the document or the user identification data, using a Variable Authentication Code (VAC). This
VAC will be mathematically related to the number of transactions that are done using the data and the
different number of users. A further important aspect of the invention is to embed in a document an
embedded document application or to provide a link to the document application, as will be further
described.

In the context of the present invention, each of the following major components will be examined in detail:

* User/Organization Identification for Approval and Verification purposes
* Secure/Controlled electronic and paper document creation and approval
* Secure/Controlled document printing, storage and distribution
* Secure/Controlled document process and behavior

It should be noted at the outset that the above components can coexist or exist individually in any given 
system. 

User Identification and Organization Identification 

The first step of the present invention is to structure a virtual identification profile, hereinafter referred to
as "VIP". The VIP contains personal and/or corporate information, verification data, relevant data and a
DAC, which is a mathematical representation of the VIP.

Identification of the user can be done using various methods. Typically, depending on the security
requirements, all or some of the following items can be used. However, basic information must be present
in the VIP: personal information (name, address, etc.); verification data (such as a digitized signature or
biometric data); relevant data (ID No.; private/public key pair; digital certificates). It should be apparent that
the more items are used, the easier it will be to identify the individual at a later time:

* Name
* Address
* Telephone
* Email
* Title
* Private/Public Key pair
* Passwords
* Single or Multiple Certificates
* Social Security Number
* Medical Insurance Number
* Passport Number
* Other identifying information such as seals, stamps, indicia, etc.
* Photograph
* Digitized Signature
* Biometric Data
  * Voice
  * Signature Dynamics
  * Retinal Image
  * Finger prints
  * Hand metrics
  * Face Metrics
  * DNA sequence
  * Other biometric markers or combination thereof
* Variable Authentication Code (VAC)
* Central Database updated, last updated date, date of last use, etc.
* Additional Data fields: this can define ID of the employer, position (or title) in
  the company, certificates, private keys, public keys; these fields can be
  expanded as required. There could also be personal information such as
  medical records, travel history, inherited VIP files, financial history, etc.

The process begins 11 by determining whether or not a new VIP is being created 13. If so, the personal
information of the user is obtained and inserted 15, verification data inserted 17, relevant data inserted 19,
and data is updated or edited and the VAC is calculated 21. All the information in the VIP is encrypted and
stored in a secure environment. It should be noted that the VIP can be a file, record in a database, etc.

If the update is successful 27, the central location is appropriately marked 31. If the update is not
successful 35, the creation or update is aborted.

On the other hand, if what is being performed is an update of an existing file, the file is opened 37, and
steps 21, 23, 25, and 27 are performed according to the previous description.

The information present in the VIP cannot be added or deleted without user notification 23 and preferably a
central location 25. However, certain information such as the VAC will be automatically changed with or
without user knowledge or consent depending on the circumstances. Editing and manipulating the
information contained in the VIP file will be strictly controlled and recorded by the central location.
Optionally, all information can be stored together or separately, as the case may be. For example, medical
records and access information could be stored in separate medical locations with appropriate links inside
the VIP, as could financial information, etc.

The data in the VIP is preferably stored in an onion model, i.e. in multiple layers. The outermost layer
contains public or low security information. The next layer contains more secure information and the
deeper one progresses into the model the more sensitive the data. Each layer can be protected with
different encryption schemes, so that decrypting one layer does not mean the entire VIP becomes
compromised.

In the present invention, the VIPs have the ability to inherit data from other VIPs. For example, if a
Person A with VIP A is employed by company B having the company VIP B, then,
by mutual agreement, certain elements or data contained in the VIPs could be exchanged. In other words,
the VIP A could inherit public data or data that is to be made available to the employees from the
company's VIP B.

This can be accomplished using existing methods such as tagging data that can be transferred, etc. This
exchange of data can be automatic or manual. In the example above, the VIP A could inherit the company
address, telephone number, encryption code to be used for secure communications, etc. Similarly, the
Company VIP B could inherit pertinent data from the VIP A. This interactive inheritance could occur in various
situations such as the one mentioned above.

The VAC will be modified depending on the transactions that are performed using this identification file.
Anytime independent transactions are performed where this identification file can be identified or linked to
the real person, the VAC will be increased. The VAC can be normalized to a percentage and each
transaction will create a change in the VAC. For example, transactions that are done with government
organizations can increase the VAC of the person doing the transaction. As more certificates from other
agencies are included, the VAC could be increased. Similarly, the same method could be employed if the
person is approving secure documents containing high security contents. The assumption here is that
these documents will be highly scrutinized by others: if illegal VIP files are used to approve, this would be
reported and corrected. Also, the VAC could be decreased if the VIP file has not been used for a certain time.

The VAC can be checked and verified before a transaction is completed. The type of transaction the user
will want to participate in will dictate the VAC required.

The user may need to provide more personal information to increase the VAC percentage to participate in
these transactions or add more data to the VIP to increase the VAC.

The VIP can be created at authorized central locations in an organization or government or private
agencies that have the appropriate hardware and software (See Figure 2). The software will determine,
depending on the detail in the VIP, what VAC will be assigned to the VIP. In all circumstances, the VAC is
intimately related to the contents of the VIP.

The VIP does not have to be a physical file: it could be a record in a database, a field, a database entry, web
page, web site, a location in memory containing the information, etc. It could be stored in any format as
long as the information is available for use through a network. The word "file" is used in the context of the
present application as a generic term to indicate that the pertinent data is available and accessible for use
and is structured.

Secure Document Creation and Approval 

In a typical closed environment, document creation and approval can be done using established database
access methods. For example, all users and their signatures or identification can be stored in a central
database. During the creation of the user signature file, a unique record can be stored in the central
database that is linked to the signature file. When a user attempts to sign a document in the closed
environment, the approval software will check the unique marker in the signature file with the central
database. If the central database does not contain the unique marker, then the user can be prevented
from signing the document. A message can be sent to the appropriate authority indicating the fact that an
unregistered or uncontrolled signature was being used in the closed environment system. However, for this
method to work, the environment has to be closed and the central database needs to be accessible to all
the users.

Optionally, other identification information can be stored in a central database, such as biometric
information, and compared against the person approving to verify the identity of the person. This method
and procedure is appropriate only for [...]
central database, such as a manufacturing plant, where everyone is connected to a central database.
Users can be asked to identify themselves, their identity can be validated using the central database and
then appropriate access can be granted.

In a distributed open environment, the closed environment model cannot apply. It has been found that
some control and security found in closed systems can be present in an open environment by embedding
the required security features and data in the document itself, according to a feature of the present
invention (See Figure 3). For example, as a controlled document is created, the document could be signed
in a manner similar to code signing and appropriate control information such as public keys of the signers
of the document could be inserted therein (assuming people will be approving the document). This would
identify the document as originating from a controlled environment: the public key of the company being
distributed publicly, anyone wanting to verify the authenticity of the document would be able to obtain the public
key and verify the origin of the document. Additional information could be added to the document in an
encrypted fashion, such as the identity, the public keys or the biometric information of the
signers. Now, if this document is to be signed outside the closed
environment, the approval software can verify the user identity with the ones contained in the document; if
they are the same it will permit the approval; if not, it will not allow the users to sign. The above
mentioned VIP file could contain the public key of the employer, in addition to the private/public key identifying
the user.

The same method can be used to protect the contents of the document. 

The document can be protected using encryption technology. The unlock passwords can be embedded in
the document, again related to the users who have access to the document. The application to unlock the
document can be a part of the signing application. The unlock procedure would be similar to the signing
application, where the user would identify himself/herself using their VIP file and this would be used to
unlock and decrypt the encrypted portions of the document.

More specifically, the present invention provides for a method for creating a secure document. Under a
given application (such as a word processor, spreadsheet, graphics, etc.), a command is given to initiate
the creation of such a secure document 101. A determination is made as to whether the environment is
closed or open 103. If the environment is open, a determination is made as to whether the VIP of the user
creating the document contains data pertinent to the type of document that is being created 105. If so,
such data is inserted 107.

Pertinent information includes, but is not limited to, organization identification, document serial number,
public key, secret identification information, document security information, etc. Additional information is
then inserted 109. Additional information includes, but is not limited to, approval, distribution, routing, archival, or
embedded document application information. The document is then made ready for use.

If the system is closed, the application checks whether a central database is accessible 115. If so, the
pertinent information is obtained and inserted in the document 117, and the process continues normally at
step 105. If the central database is not accessible, the process continues at step 105.

If the VIP does not contain pertinent data, a low-level or uncontrolled document is created, and the 
process continues at step 109. 

Consequently, the present invention, contrary to a closed environment where all of the pertinent
information and additional information is self-contained and often centralized, provides a system and
method where the document itself includes such information, and thus the relevant and additional
information is decentralized. The advantage is that documents can be approved, exchanged, printed,
distributed, etc., more freely, while at the same time keeping a minimum amount of security.

More specifically, in the present invention, the document contains information about the signer, and 
information about the origin of the document. 

The contents of the document can be encrypted, and the access to this document can be controlled.

Alternatively, the document approval can be completed in a closed environment only. The document is a
secure document, which means it can only be approved in a controlled environment. However, today many
people have mobile computers and they are working when not connected to a network or off site. Since
the document is supposed to be approved in a secure environment, this creates a problem. As
mentioned previously, the security information can be loaded into the document at creation [...]
checks can be conducted with [...]
document is created outside the closed environment and then enters the closed environment for approvals
to be finalized therein. Here, the users will approve the document outside and then approval will be kept
pending until the document enters the closed environment and the appropriate security checks are
conducted.

Accordingly, the following steps can be followed:

* The document is created outside the closed environment

* Optionally, the document could contain a marker indicating whether the
  document is a secure document or if the document will contain pending approvals

* Document is transmitted outside the closed environment

* Document approval will insert approval token into document with an
  incomplete indicator

* During approval, if any security breaches occur, for example if the
  password entry is incorrect, this is recorded into the audit trail in the
  document

* Once the document is introduced back into the closed environment, the
  security checks for the approval are conducted; if the security checks for
  approvals are successful, the approval is completed or else the approval
  is rejected

* Optionally, this method would work for closed and open environment,
  when the document enters an open environment: the approval entered
  will become pending and only completed when entering the closed
  system.

In addition, this invention discloses a method for embedding applications in the document, the Embedded
Document Application (EDA), as shown in Figure 4. The
EDAs are able to install and execute the application from inside the document.

Consequently, an advantage of the present invention is that a user receiving a document created
according to the invention does not require an external application to access all these approval and
security functions or any other function a document may contain. The document itself will contain the
application, or a link to facilitate obtaining the application that is required to achieve all of the required
functions. Additionally, the application can establish control with a central database directly or via email or
another method to synchronize activity. If, for example, only a certain number of hardcopies of a document
can be printed (see Figure 5), the application contained in the document or the external approval application will access
security information within the document 301. A determination will be made as to whether secure printing
is enabled 303. If so, a determination is made as to whether a central database (or other central location)
is accessible 305. If the database is accessible, the print counter is checked 307. If the counter is less than
or equal to a predetermined number (meaning that the document can be printed), the print counter is
incremented by one 309, security information verified and inserted 311 and the document printed 313.

If secure printing is not enabled, the document can be freely printed.
Consequently, security information is verified 319, and the document is printed 321.

If the central database is not accessible, verification cannot be performed and so the print command is
aborted 317. Similarly, if the print counter is greater than the predetermined number, the print command is
aborted 317.
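
The secure-print decision described above, as an added example rather than code from the patent. It models the counter decision only and assumes a SQLite table standing in for the central database, the strict "less than" comparison given in the summary, and hypothetical function and field names throughout.

```python
import sqlite3

def open_central_db():
    """In-memory stand-in for the central database (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE print_counters ("
        " doc_id TEXT PRIMARY KEY,"
        " printed INTEGER NOT NULL DEFAULT 0,"
        " max_copies INTEGER NOT NULL)"
    )
    return conn

def register_document(conn, doc_id, max_copies):
    """Record the predetermined print limit for a controlled document."""
    with conn:
        conn.execute(
            "INSERT INTO print_counters (doc_id, max_copies) VALUES (?, ?)",
            (doc_id, max_copies),
        )

def printed_count(conn, doc_id):
    row = conn.execute(
        "SELECT printed FROM print_counters WHERE doc_id = ?", (doc_id,)
    ).fetchone()
    return row[0] if row else None

def authorize_print(doc, central):
    """Return (decision, reason) for one print request.

    doc     -- dict with the hypothetical keys 'doc_id' and 'secure_print'
    central -- sqlite3 connection, or None when the central database is unreachable
    """
    if not doc["secure_print"]:
        return ("print", "secure print not enabled")
    if central is None:
        # Fail closed: without the central counter the limit cannot be enforced.
        return ("abort", "central database not accessible")
    try:
        with central:
            # Check and increment in one statement so that two concurrent
            # requests cannot both pass the check against the same counter value.
            cur = central.execute(
                "UPDATE print_counters SET printed = printed + 1 "
                "WHERE doc_id = ? AND printed < max_copies",
                (doc["doc_id"],),
            )
    except sqlite3.Error:
        return ("abort", "central database not accessible")
    if cur.rowcount != 1:
        return ("abort", "print limit reached or document not registered")
    return ("print", "print counter incremented")

def demo():
    db = open_central_db()
    register_document(db, "doc-001", max_copies=2)   # constructed sample document
    controlled = {"doc_id": "doc-001", "secure_print": True}
    uncontrolled = {"doc_id": "memo-17", "secure_print": False}
    decisions = [authorize_print(controlled, db)[0] for _ in range(3)]
    decisions.append(authorize_print(controlled, None)[0])    # database offline
    decisions.append(authorize_print(uncontrolled, None)[0])  # not a secure-print document
    return decisions, printed_count(db, "doc-001")

if __name__ == "__main__":
    print(demo())
```

A separate read of the counter followed by a later write would let two simultaneous requests exceed the limit, which is why the comparison lives inside the UPDATE.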

In the present invention, a central database is used and the access to this database can be through direct 
connection, email, internet and/or the web. 

Similarly, messages to be displayed could be embedded in the document, as are the commands on how
and where to display them. Optionally, the document could contain an application (another EDA) that
could learn information about the use and handling of the document. For example, this other EDA could
determine the workflow of the document as it is routed from person to person. This information can then be
stored in a central access area. When a new document is created, the
EDA in the new document checks this central access area for details pertaining to workflow for this
document and then uses this information to route the new document. Modifications and changes can be
added to the central data access area. Optionally, the document could have embedded details of how and
when it should [...] object will load its executable code into memory and execute the code. Optionally, this code
could access data from a central database and change, modify and/or update data and functions.
Optionally, the EDA could load a small application into memory that can execute continuously on the system;
this application can monitor all other documents [...]
EDA or activate the document EDA in the document. This will address the issue of a document not being
opened by the user. The EDA application can have the capability of self promotion, such as the ability to
inform the users where to find the application or to add the application to new documents.

Secure Document Distribution 

Once the document has been created and approved, distributing the document can be done using the
following methods: electronic distribution, paper distribution, or a combination of the two. Ideally, as
mentioned earlier, it is best to eliminate paper altogether; however, there are situations where paper will
nonetheless be required.

In electronic transmission of the document, if the document contains sensitive materials, then it is highly
advisable for the document to be encrypted during distribution. Once again, as mentioned earlier, the
encryption can be done using the keys supplied in the VIP file. For example, if the public key of the reader
is known, the document can be encrypted with this public key and the recipient can only open it with their
private key. Another option is to encrypt with the public key of an organization; then only people who have
the private key of the organization can decrypt the document. Variations on this theme can be
used, including certificates, etc.

When going to paper, the document will be verified by the EDA or the approval application before placing
a high quality signature on the document. The approval applications will not place a high quality signature,
branded image or seals in the document for printing unless the contents are verified. The approval
application will store low quality signature images or no signature images in the document when the
document is closed or when the contents have been altered.

BEST MODE IMPLEMENTATION 

A user generates VIP files fromcontrolled locations. Appropriate VACs are generated based on the 
security required by the document. The basic public information such as Name, Address andTelephone 
numbers are added. 

Additional private information such as Social Security Number. Driver's license. 

Passport, Medicare numbers can be added.Additional identification Information such as picture, signature, 
biometric informationcould also be added to the file. As mentioned above, the more validated data the 
higher the VAC. 

A very minimal VIP file creation would be the following. A user's signature is digitized, a private/public key 
pair is generated, the application generates a certificate and inserts it into the VIP file (See Figure 
1).Additional certificates if available could also be included into the file. The entire file is then encrypted 
and protected using a user supplie password. The application at a controlled location used to generate 
theVIP file can be given a certificate, and all subsequent files created at the controlled location will add this 
certificate toall VIP files or the application can be used with a default certificate. As mentioned earlier 
additional certificates can be added to this file. If other certificates are used, the public keys of these 
Certificate Authorities must be accessible to the approval application to verify the certificates; these public 
keys could beavailable through a central data base or these keys could be distributed through the 
embedded data contained in the documents. 

A document is created for approval and distribution. If the document is a controlled document, appropriate 
security information can be embedded into the document, along with an EDA that will have the approval 
and possibly other functions. Optionally, if this electronic document is an official document, then 
company letterhead/identification information will be embedded into the document. 

Upon initiating an approval, the EDA application will request the person to supply their VIP file or enter an 
electronic signature. If the document requires biometric verification, this could be requested by the EDA 
and compared with the stored biometric data in the VIP or a central database or in the document etc. If 
everything is in order the signature is entered into the document along with other approval information. The 
information is stored in a secure encrypted fashion. 

In a preferred embodiment of the invention, the signature is stored using a special low quality format or a 
secure reduced noise format. In this last format, the hash of the document is preferably used to create a 
noise pattern which is filtered to various gradients, depending on the quality required, and then combined 
with the signature bitmap. This will render the signature on a gray murky background. 

In order to remove the gray murky background, i.e. noise, the DAC from the document has to be 
re-calculated and used to clean up the noise. If the DAC has been altered from the time of signing then the 
noise pattern will not be the same as when it was stored; therefore the background will not be able to be 
completely removed. This is a secure way to bind the clean signature to the contents of the document. 
This is only one possible method; other methods, which could use other forms of encryption to store and 
secure the contents and signatures together, are readily available. It is possible to encrypt the signature 
and approval information using a PKI system or a symmetric password-based system. 
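
The noise binding described above can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 as the DAC, an 8-bit grayscale signature bitmap, XOR as the combining step and the number of noise bits as the "gradient"; all function names and sample data are constructed for illustration.

```python
import hashlib

WIDTH, HEIGHT = 16, 8
# Constructed sample: 8-bit grayscale "signature", a dark diagonal stroke (0)
# on a white background (255).
SIGNATURE = bytes(0 if x // 2 == y else 255
                  for y in range(HEIGHT) for x in range(WIDTH))
DOC = b"Purchase order 1001: pay 500.00 to ACME"       # constructed
TAMPERED = b"Purchase order 1001: pay 900.00 to ACME"  # one digit changed


def dac(document: bytes) -> bytes:
    """Document authentication code. SHA-256 is this example's assumption."""
    return hashlib.sha256(document).digest()


def noise_pattern(code: bytes, n: int, bits: int) -> bytes:
    """Expand the DAC into n noise bytes, filtered to the low `bits` bits.

    More bits gives heavier murk, i.e. a lower-quality stored image.
    """
    if not 1 <= bits <= 8:
        raise ValueError("bits must be between 1 and 8")
    stream = bytearray()
    counter = 0
    while len(stream) < n:
        stream += hashlib.sha256(code + counter.to_bytes(4, "big")).digest()
        counter += 1
    mask = (1 << bits) - 1
    return bytes(b & mask for b in stream[:n])


def combine(bitmap: bytes, document: bytes, bits: int = 6) -> bytes:
    """XOR the bitmap with the noise derived from the document's DAC.

    XOR is its own inverse, so the same call both stores the signature
    (clean -> murky) and renders it (murky -> clean, if the DAC matches).
    """
    noise = noise_pattern(dac(document), len(bitmap), bits)
    return bytes(p ^ n for p, n in zip(bitmap, noise))


def residual(rendered: bytes, clean: bytes) -> int:
    """Number of pixels that still differ from the clean signature."""
    return sum(a != b for a, b in zip(rendered, clean))


def show(bitmap: bytes) -> str:
    """Crude ASCII view: '#' ink, '+' murk, '.' clean background."""
    rows = []
    for y in range(HEIGHT):
        row = bitmap[y * WIDTH:(y + 1) * WIDTH]
        rows.append("".join("#" if p < 64 else "." if p == 255 else "+"
                            for p in row))
    return "\n".join(rows)


if __name__ == "__main__":
    stored = combine(SIGNATURE, DOC)
    for label, doc in (("unmodified", DOC), ("tampered", TAMPERED)):
        view = combine(stored, doc)
        print(label, "residual pixels:", residual(view, SIGNATURE))
        print(show(view))
```

In this sketch the noise depends only on the document contents, so it gives tamper evidence rather than secrecy: anyone holding the unmodified document can recompute the DAC and recover the clean bitmap.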

The EDA could display the signature, branded image or could display other information as well, such as 
advertising, corporate logos, messages etc. Once the EDA has been used to sign the document, the 
signature will remain in a safe state; in this state the signature will not be displayed in high quality mode 
unless verified. The signature will only be displayed in a high quality mode if the document contents have 
not been altered from the time it was signed. 

Furthermore, if the user tries to print the document, the signature will not print in high quality mode unless 
the document has been verified to be valid. Once the document has been verified as valid, the EDA will 
display or print a high quality signature. 

The EDA can display other information in the document such as advertising, corporate logos, messages 
etc. It is possible for this information to be updated periodically via a central database. This will enable the 
advertising, logos and messages to be updated dynamically, and the updates could be targeted to the 
actual users. The advertising or messages could be different for each person, if this is desired. 

Once the document has been signed it can be emailed to the next user. 

Again, if the document contains an EDA for signing then the next user can open the document and would 
be able to work with the signed document. If they have a separate approval application they will also be 
able to work with the signed document. 

If however, the document now needs to go to paper for paper distribution, the user can electronically print 
the document, the EDA or the approval application will verify the contents of the document and then if the 
verification is valid, it will print the document with the signatures. 

In this implementation the signature is used as the control feature for the document. If the user needs to 
see or print the document with the signature, the EDA has to verify the document and only then will it 
display the high quality signature; otherwise the signature is displayed in low quality mode (note: the 
signature could alternatively be completely removed). It is also possible to use the EDA without any 
signatures but to use images that are part of a branded identity, such as corporate logos, to achieve the 
same results. For example the EDA could display a watermark indicating the document is invalid; this 
watermark will only be removed by the EDA if the document contents are verified. 

In a preferred embodiment of the invention, the EDA can be used in the following manner. A VIP, which 
is preferably a representation of a logo, is applied to a document, email message, web page or other 
electronic media. 

Certain elements of the VIP are tied to the document, email message, web page or other electronic media. 
The document, email message, etc., is sent to another user or viewed by another user. If between the time 
the VIP elements were introduced and tied to the document and the subsequent receipt or viewing of the 
document, the document was modified, the EDA will not display the logo properly (i.e. with an indication 
that the document has been modified), or will not display it at all. Consequently, the present invention can 
enable companies to create secure electronic letterhead with which the company can promote its identity 
electronically, without fear of somebody simply cutting and pasting the logo from one document to another 
and therefore passing it off. 

Advantageously, unlike paper-based letterhead, the present invention can provide an intelligent letterhead 
(or logo), which can have multiple views. For example, company A has created dynamic logo A, which 
includes slogan A1, followed a few seconds later by slogan A2 and then slogan A3, which cycle again. 

This intelligent logo is then tied to an electronic document according to the method and system of the 
present invention. A recipient of the document will be able to verify that the document has not been 
modified since its creation, or has been modified according to established criteria (for example, multiple 
signings). 

However, should a person cut and paste the logo from the original document to another document, the 
logo will invalidate itself and indicate that the logo and the document to which it is attached are not 
genuine. 

It should be understood that the logo is intimately tied to the VIP of the company, and is inserted into a 
document through an EDA. 

Alternatively, the EDA can also be used to function as a security unit. Users do not typically encrypt 
most email messages. This is mostly due to ignorance of the danger that exists there and the relative 
difficulty of using encryption software. 

The EDA application can be used to achieve this in a single step. When creating the document, the users 
can specify if the document is specific to one person or if access to this document is limited to employees 
of a certain organization. If the document is meant for one person, the EDA could encrypt the contents 
using the public key of the intended recipient. Once the intended recipient receives the document the EDA 
will request that the person supply their VIP file; this will contain the private key required for decrypting the 
data. Similarly, if the document is meant for employees of a particular organization the contents could be 
encrypted using the public key of the organization; anyone wishing to access the contents must have the 
organization's private key. (Note: this private/public key pair could be used just for documents; otherwise 
there could be a security risk if multiple people have the private key). Key management could also be 
accomplished by using the EDA; after a certain period of time all users could be forced to a central 
database for updating their VIP files; during this time appropriate keys could be replaced or updated. 

Accordingly, the present invention also provides a system for creating, approving and distributing secure 
documents. The system includes a central location 401 (but could include more than one as 
mentioned previously). The central location 401 is adapted to store and update a plurality of VIPs which 
can be created at the central location or other authorized location. Each of the VIPs is linked to a single 
user (such as a person or corporate organization). The VIP, as mentioned above, includes at least 
personal information, identity verification data, and a VAC. 

The system includes at least one application 403 for creating a document. The application is in 
communication (which is meant to include intermittent or sporadic communication, such as for a mobile 
user) with the central location through a network 402. The application is adapted to 
verify if the VIP of the user creating the document contains pertinent information, and to insert such 
pertinent information into the document, and to approve the document once created. If the system is 
closed, it can also include a central database 405 which can also include pertinent information. 

If, however, the VIP does not contain pertinent information, then a low-level document is created. 

In a preferred embodiment of the invention, the document also includes approval, distribution, routing, 
archival, or EDA information. Consequently, an advantage of the present invention is that the document 
itself includes all of the above information. Consequently, the document can travel within closed and open 
systems, all the while maintaining a minimum level of security. 

Consequently, when the document is sent to a recipient application 407, such as another user (through 
e-mail), a fax machine 409 or a printer 411, the recipient application 407 does not need to recognize what 
type of document it is and how to handle it. In fact, the document itself contains such information, either 
through the VIP or through an EDA. When action is to be taken with the document, such as printing, the 
appropriate verifications are performed based on the information contained in the document. 

It should be understood that the recipient application can be just about anything, including an electronic 
storage media (i.e. CD-ROM, DVD, etc.). 

The following definitions are helpful in understanding the present invention. 
Definitions: 

Approval Data: In general approval data includes information about the person approving, DAC of the 
document, audit trail, signatures, biometric information, etc. 
All or some of the information could be present. This data is usually encrypted for security reasons. 

Distribution System: Distribution system implies various methods of distributing data such as email, 
networks, world wide web, transactions in a transaction processing system, messages or links etc. 



graphics, audio, email or any other data or a combination of all of the above. The Electronic document can 
also contain multiple files containing all or some of the above mentioned items. 

Although the present invention has been explained hereinabove by way of a preferred embodiment 
thereof, it should be pointed out that any modifications to this preferred embodiment within the scope of 
the appended claims is not deemed to alter or change the nature and scope of the present invention. 



CLAIMS 

1. A method for creating a virtual identification profile (VIP), comprising the 
steps of: 

(a) obtaining personal information of a user for whom the profile is being 
created; 

(b) obtaining identity verification data; 

(c) obtaining relevant data; 

(d) updating and editing the information gathered at steps (a) to (c) and 
calculating a variable authentication code related to this information; and 

(e) encrypting the VIP. 

2. A method according to claim 1, wherein said method further includes the 
step of updating a central location with the information contained in the VIP, 
determining if the update has been successful, and if so marking the central 
location accordingly, and if not, marking the central location accordingly. 

3. A method according to claim 2, wherein said method further includes the 
steps, prior to step (a), of determining if the VIP is a new VIP, and if so, 
bypassing steps (a) to (c) and executing directly steps (c) to (f). 

4. A method for creating a secure document comprising the steps of: 

(a) obtaining a virtual identification profile for the user creating the secure 
document; 

(b) determining if the virtual identification profile includes pertinent 
information; 

(c) if so, inserting pertinent information from the virtual identification profile 
into the document and making the document ready for use; 

(d) if not, creating a low level document and making the document ready for 
use. 

5. A method according to claim 4, wherein said method further includes the 
step of first determining if the document is being created in a closed 
environment, and if so determining if the database is available and 
obtaining from the database pertinent information and inserting the same 
into the document and then proceeding with step (b); if the document is not 
being created in a closed environment, proceeding to step (b); and if the 
database is not available, proceeding to step (b). 

6. A method according to claim 5, wherein said method further includes at step 
(c) inserting additional information into the document. 

7. A method according to claim 5, wherein said method further includes at step 
(d) inserting additional information into the document. 

8. A method according to claim 6, wherein said step of adding additional 
information further includes the step of adding approval, distribution, 
routing, archival or embedded document application information. 

9. A method according to claim 7, wherein said step of adding additional 
information further includes the step of adding approval, distribution, 
routing, archival or embedded document application information. 

10. A method according to claim 4, wherein said method further includes the 
step (e) approving the document. 

11. A method according to claim 10, wherein said step (e) of approving the 
document includes the step of inserting into a document an EDA. 

12. A method according to claim 11, wherein said VIP includes an electronic 
signature which can be verified by said EDA. 

13. A method according to claim 11, wherein said VIP contains a dynamic logo, 
and said EDA displays said dynamic logo if the document has not been 
modified from the time the VIP has been tied to the document and the time 
the document is viewed. 

14. A method for securely printing a secure document including security 
information, comprising the steps of: 

(a) providing the document within an application; 

(b) accessing security information present in the document or associated therewith; 

(c) determining if secure print is enabled; 

(d) if not, verifying and inserting security information and printing the 
document; or 

(i) if so, determining if a central database is available; 

(1) if not, aborting the print and informing the user; 

(2) if so, verifying if the print counter is less than a 
predetermined counter; 

if not, aborting the print and informing the user; and 

if so, incrementing the print counter, verifying and inserting 
security information and printing the document. 

15. A system for creating, approving and distributing secure documents 
comprising: 

a central location for storing and updating a plurality of virtual identification 
profiles (VIP), each of said virtual identification profiles being linked to a 
single user, said virtual identification profile including personal information, 
identity verification data and relevant data, and a variable authentication 
code associated with a respective VIP; and 
at least one application for creating a document, said at least one 
application being in communication with said central location, said 
application verifying if said VIP contains pertinent data for the user and for 
inserting the pertinent data into the document at the time of creation and for 
approving the document once created. 

16. A system according to claim 15, wherein said system is a closed system, 
and wherein said system further includes a database storing pertinent 
information; so that said pertinent information is inserted into said document 
at the time of creation. 

17. A system according to claim 15, wherein said system is an open system, 
and wherein, when it is determined that the VIP does not contain pertinent 
information, said system creates a low level document. 

18. A system according to claim 16, wherein the document includes approval, 
distribution, routing, archival or embedded document application 
information. 

19. A system according to claim 15, wherein the system further includes at least 
one printer, and said application further includes a module for determining 
whether the security information associated with the document permits 
printing of the document, whether securing printing is enabled, whether a 
central database is accessible, and whether a print counter is less than a 
predetermined number, and for incrementing the print counter when the 
document is printed. 

20. A system according to claim 15, wherein the system further includes a 
recipient application, and wherein said system includes a module for 
determining if the document can be transmitted to the recipient application. 

21. A system according to claim 20, wherein said recipient application is a fax. 

22. A system according to claim 20, wherein said recipient application is an 
email package. 

23. A system according to claim 20, wherein said recipient application is an 
electronic storage media. 

24. A system according to claim 15, wherein said system further includes 
embedding into the document an embedded document application. 

25. A system according to claim 24, wherein said VIP includes a dynamic logo, 
and wherein said EDA displays said dynamic logo if said document has not 
been changed from the time the VIP is tied to the document to the time the 
document is viewed. 

26. A system according to claim 24, wherein said VIP includes a signature, and 
wherein said EDA displays said signature in a clear form if said document 
has not been changed from the time the VIP is tied to the document to the 
time the document is viewed, or displays said signature in a clear form if 
said EDA determines that said document has been modified according to 
predetermined criteria. 